Lucene search

28 matches found

Oracle linux
added 2018/11/05 12:0 a.m., 519 views

openssl security, bug fix, and enhancement update

1.0.2k-16.0.1 - sha256 is used for the RSA pairwise consistency test instead of sha1; 1.0.2k-16 - fix CVE-2018-0495 - ROHNP - Key Extraction Side Channel on DSA, ECDSA - fix incorrect error message on FIPS DSA parameter generation (1603597); 1.0.2k-14 - ppc64le is not multilib architecture (1585004)...

7.5 CVSS, 2.1 AI score, 0.78382 EPSS
Exploits: 1

UbuntuCve
added 2018/02/27 7:29 p.m., 19 views

CVE-2018-6535

An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker...

8.1 CVSS, 7.1 AI score, 0.00327 EPSS
Exploits: 0, References: 3

seebug.org
added 2017/04/19 12:0 a.m., 29 views

Microsoft Edge: Use-after-free in TypedArray.sort (CVE-2016-7288)

There is a use-after-free in TypedArray.sort. In TypedArrayCompareElementsHelper (https://chromium.googlesource.com/external/github.com/Microsoft/ChakraCore/+/TimeTravelDebugging/lib/Runtime/Library/TypedArray.cpp), the comparison function is called with the following code: Var retVal =...

7.6 CVSS, 7.8 AI score, 0.79309 EPSS
Exploits: 2

RedHat Linux
added 2015/06/15 8:48 p.m., 1 views

OpenSSL: out-of-bounds read in X509_cmp_time

An out-of-bounds read flaw was found in the X509_cmp_time function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause...

7.5 CVSS, 7.1 AI score, 0.04532 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2013/09/04 12:0 a.m., 21 views

Amazon Linux AMI : openvpn (ALAS-2013-201)

The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher. ...

2.6 CVSS, 5.3 AI score, 0.0145 EPSS
Exploits: 1, References: 2

Tenable Nessus
added 2013/05/28 12:0 a.m., 30 views

Mandriva Linux Security Advisory : openvpn (MDVSA-2013:167)

Updated openvpn package fixes security vulnerability : OpenVPN 2.3.0 and earlier running in UDP mode are subject to chosen ciphertext injection due to a non-constant-time HMAC comparison function. Plaintext recovery may be possible using a padding oracle attack on the CBC mode cipher implementati...

2.6 CVSS, 5.5 AI score, 0.0145 EPSS
Exploits: 1, References: 1

NVD
added 2007/08/16 6:17 p.m., 11 views

CVE-2007-4375

The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack th...

5.8 CVSS, 6.7 AI score, 0.1349 EPSS
Exploits: 1, References: 9

Prion
added 2007/08/16 6:17 p.m., 8 views

Design/Logic Flaw

The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack th...

5.8 CVSS, 7.3 AI score, 0.1349 EPSS
Exploits: 1, References: 9, Affected Software: 1